Reputation: 51
I'm attempting to obtain an ADFS token using Postman.
Initially, I needed to acquire a token for a Microsoft (MS) account, so I made the following POST request in Postman:
"POST https://login.microsoftonline.com/{tenant}/oauth2/token" in Postman with the body "grant_type:password, client_id, client_secret, resource:https://graph.microsoft.com, username, password".
The client information corresponds to an Azure app. I followed the instructions from https://dzone.com/articles/getting-access-token-for-microsoft-graph-using-oau
However, this method does not return a token for an ADFS account. To address this, I modified the request URL to: "POST https://{adfs-domai}/adfs/oauth2/token"
But I received the following error: "Error details: MSIS7065: There is no registered protocol handler to process the incoming request on the /adfs/oauth2/token path"
My questions are:
If I configure the protocol in the ADFS server, is it possible to obtain a token that includes both an access token and a refresh token, which can be used with Microsoft Graph API?
How do I create or configure a protocol handler on the ADFS server? Should I develop a custom handler for generating tokens, or does the ADFS server natively support OAuth2 handlers?
Upvotes: 0
Views: 183
Reputation: 46773
There are instructions here for configuring ADFS for OIDC.
However, these are for an API protected by ADFS.
Microsoft Graph API typically expects tokens issued by Entra ID, not ADFS.
You might be able to get the correct token via federation, but I've never tried it.
Upvotes: 0
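The answer's distinction between tokens issued by ADFS and tokens issued by Entra ID can be checked on any token you receive by reading its `iss` and `aud` claims. The sketch below is an added example, not part of the thread; the function names, tenant ID and host names are hypothetical, the AD FS issuer pattern assumes default AD FS issuer forms, and the payload is decoded for inspection only, without signature verification.

```python
import base64
import json
import re

# Entra ID issuers (v1 and v2 endpoints); the tenant ID is a GUID.
ENTRA_ISS = re.compile(
    r"^https://(sts\.windows\.net/[0-9a-f-]{36}/"
    r"|login\.microsoftonline\.com/[0-9a-f-]{36}/v2\.0)$")
# Assumption: AD FS default issuer forms (.../adfs or .../adfs/services/trust).
ADFS_ISS = re.compile(r"^https?://[^/]+/adfs(/services/trust)?/?$")
# Microsoft Graph resource URI and its well-known application ID.
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def classify(token):
    """Report who issued the token and whether it is addressed to Graph."""
    claims = jwt_claims(token)
    iss = str(claims.get("iss", ""))
    aud = claims.get("aud", [])
    auds = aud if isinstance(aud, list) else [aud]
    issuer = ("entra" if ENTRA_ISS.match(iss)
              else "adfs" if ADFS_ISS.match(iss) else "unknown")
    for_graph = any(str(a).rstrip("/") in GRAPH_AUDIENCES for a in auds)
    return {"issuer": issuer, "graph_audience": for_graph,
            "plausible_for_graph": issuer == "entra" and for_graph}

def make_sample(claims):
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "constructed"])

# Constructed sample tokens (placeholder tenant ID and host names).
ENTRA_SAMPLE = make_sample({"iss": "https://sts.windows.net/11111111-2222-3333-4444-555555555555/",
                            "aud": "https://graph.microsoft.com"})
ADFS_SAMPLE = make_sample({"iss": "http://adfs.example.test/adfs/services/trust",
                           "aud": "https://api.example.test"})

if __name__ == "__main__":
    for name, tok in (("entra", ENTRA_SAMPLE), ("adfs", ADFS_SAMPLE)):
        print(name, classify(tok))
```

A token classified as `adfs` here is one an ADFS-protected API could validate; the resource server still has to verify the signature against the issuer's published keys before trusting any claim.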